Research on Clickjacking & Network Sniffing

Prajit Sindhkar
Jan 20, 2022

Hello guys👋👋, Prajit here from the BUG XS Team, and a Cybersecurity and Red Team Intern at Cyber Sapiens United LLP. In this internship I am regularly given interesting tasks; for my thirteenth task I was asked to research clickjacking attacks and network sniffing.

Clickjacking

Clickjacking is an interface-based attack in which a user is tricked into clicking on actionable content on a hidden website by clicking on some other content in a decoy website.

It refers to any attack where the user is tricked into unintentionally clicking an unexpected web page element.

The name was coined from click hijacking, and the technique is most often applied to web pages by overlaying malicious content over a trusted page or by placing a transparent page on top of a visible one.

When the user clicks an innocent-looking item on the visible page, they are actually clicking the corresponding location on the overlaid page, and the click triggers a malicious action: for example, anything from faking a like or follow on social media to siphoning money from the user’s bank account.

Why Does Clickjacking Occur?

This vulnerability occurs when the response lacks the X-Frame-Options header, so the browser is free to render the page inside a frame on another site.

X-Frame-Options was originally introduced as an unofficial response header in Internet Explorer 8 and it was rapidly adopted within other browsers. The header provides the website owner with control over the use of iframes or objects so that inclusion of a web page within a frame can be prohibited with the deny directive.

Exploit Script:

```html
<head>
<style>
/* Framed target page: nearly transparent and stacked above the decoy */
#target_website {
  position: relative;
  width: 128px;
  height: 128px;
  opacity: 0.00001;
  z-index: 2;
}
/* Visible decoy content, stacked below the invisible frame */
#decoy_website {
  position: absolute;
  width: 300px;
  height: 400px;
  z-index: 1;
}
</style>
</head>
<body>
<div id="decoy_website">
…decoy web content here…
</div>
<iframe id="target_website" src="https://vulnerable-website.com">
</iframe>
</body>
```

How to mitigate clickjacking attacks?

Clickjacking is a browser-side behavior and its success or otherwise depends upon browser functionality and conformity to prevailing web standards and best practice. Server-side protection against clickjacking is provided by defining and communicating constraints over the use of components such as iframes. However, implementation of protection depends upon browser compliance and enforcement of these constraints. Two mechanisms for server-side clickjacking protection are X-Frame-Options and Content Security Policy.

Network Sniffing

Network eavesdropping or network sniffing attacks consist of intercepting network traffic between two target network nodes, and capturing network packets exchanged between nodes.

The main motives of sniffing attacks are:

1. Getting usernames and passwords

2. Stealing bank related/transaction related information

3. Spying on email and chat messages

4. Identity theft

What are the different types of Sniffing Attacks?

1. Active sniffing

● In active sniffing, attackers seize data packets by manipulating switch-based networks.

● Most networks today use a switch, which is a device connecting two network endpoints. Switches forward data to a specified port using the media access control (MAC) address associated with that port.

● Attackers exploit this by injecting traffic into the LAN (Local Area Network) to enable sniffing.

● Common examples of active sniffing include MAC flooding, DNS (Domain Name System) spoofing, ARP (Address Resolution Protocol) spoofing, etc.

2. Passive sniffing

● Passive sniffing takes place through hubs or wireless networks, and attackers use MAC addresses to read the destination ports of data.

● They do not make any direct communication with the target, unlike active sniffing. Most packet sniffers are difficult to detect because they are passive.

Some of the Network Sniffing Tools are:

1. Wireshark

2. Debookee

3. dSniff

How to Prevent Sniffing Attacks?

1. Connect to trusted networks:

● Do you trust the free Wi-Fi offered by the coffee shop next door? Connecting to any public network will have a risk that the traffic might be sniffed.

● Attackers choose these public places exploiting the user’s lack of knowledge. Public networks are set up and then may or may not be monitored for any intrusions or bugs.

● Attackers can either sniff that network or create a new network of their own with similar names so that the users get tricked into joining that network.

● An attacker sitting at an airport can create a Wi-Fi with the name of “Free Airport Wi-Fi” and the nearby users may connect to it sending all the data through the attackers’ sniffer node.

● The word of caution here is that you should only connect to the network you trust — home network, office network etc.

2. Encrypt Everything!:

● Encrypt all the traffic that leaves your system. This will ensure that even if the traffic is being sniffed, the attacker will not be able to make sense of it.

● One thing to note here is that security works on the defense-in-depth principle. Encrypting the data does not mean that everything is now safe.

● The attacker might be able to capture a lot of data and run crypto attacks to get something out of it.

● Use of secure protocols ensures that the traffic is encrypted and provides security for the traffic. Websites using the HTTPS protocol are more secure than the ones that use HTTP. How is that achieved? Through encryption via the SSL and TLS protocols.

3. Network scanning and monitoring:

● Networks must be scanned for any kind of intrusion attempt or rogue devices that may be set up in SPAN mode to capture traffic.

● Network admins must also monitor the network to ensure device hygiene.

● The IT team can use various techniques to determine the presence of sniffers in the network.

● Bandwidth monitoring is one; an audit of devices that are set to promiscuous mode is another.

This is all for today’s writeup.

Thanks For Reading 😊

Profile Links:

Twitter: https://twitter.com/SAPT01

LinkedIn: https://www.linkedin.com/in/prajit-sindhkar-3563b71a6/

Instagram: https://instagram.com/prajit_01?utm_medium=copy_link

BUG XS Official Website: https://www.bugxs.co/

Written by Prajit Sindhkar

I am an India-based Security Researcher, Bugcrowd Top 500 Hacker and Bug Bounty Leader of the BUGXS Community